Analysis
max time kernel: 117s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 19-04-2024 01:19
Behavioral task: behavioral1
Sample: f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
Resource: win10v2004-20240412-en
General
Target: f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
Size: 2.8MB
MD5: f92f9526a002c5ded9caea59cbc71b0e
SHA1: ee69348b8df5f96b54589907a06557ef73b9a2ce
SHA256: 9b702a74237fb3b50fa55b66d5785786037bc524e6fd716526191e80ac1a16aa
SHA512: c8a45e870dde53841e6d5692b1151e730688e942434ebc7ed78a12b95407605bcc31c2e8d1ad4d48c26c0aaad5f98678d0de8c32370239b8a77849607f578c79
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91h:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n1
Malware Config
Signatures
resource  yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x00000000005BA000-memory.dmp  upx
behavioral1/files/0x0037000000014b4c-5.dat  upx
behavioral1/memory/1936-1925-0x0000000000400000-0x00000000005BA000-memory.dmp  upx
behavioral1/memory/1936-8031-0x0000000000400000-0x00000000005BA000-memory.dmp  upx
Drops desktop.ini file(s) 9 IoCs
description  ioc  Process
File created  C:\Program Files\Microsoft Games\Chess\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Microsoft Games\Solitaire\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Microsoft Games\Mahjong\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Microsoft Games\Purble Place\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Microsoft Games\FreeCell\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
File created  C:\Program Files\Microsoft Games\Hearts\desktop.ini  f92f9526a002c5ded9caea59cbc71b0e_JaffaCakes118.exe
Drops file in Program Files directory 64 IoCs
Downloads
Filesize: 2.8MB
MD5: 5d7774f31034d96e601cf99dd3e874f3
SHA1: 166786a42fb400c657833e498b184b2c443e9ea2
SHA256: 141a5c3c990db01050ae3f572d92a12af45aaac4b0a30a8efd0b87ec5d3650b0
SHA512: a1e2558eff27f7f4c9a2f4086c755a1200ecf547eb738d6ba89ed101b81241cb6ebcd098b7d1490834cb7c9b73ddc731240d7d81164e64faea5faa49a19dae55